Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jlozen
New Contributor

SMTP settings for Gmail

I' m currently running the AWS FortiAnalyzer version 5.0-build4073 and am trying to get email alerts configured. I read some stuff about not being able to use gmail in FortiOS versions 3.0 and 4.0 in This Article but i' m on version 5.0 and that' s a FortiGate article. I have the mail server configured under System Settings > Advanced > Mail Server and I have an event handler set up under Event Management > Event Handler. The event handler I have set up is confirmed working and it generates 2 events every time I log into a specific device using SSL. So the events are showing up and in the Event Handler settings I have " Send Alert Email" checked under the Event Handling Heading, with the To box containing my email address and the from box containing the same email address used to authenticate to smtp.gmail.com. The Mail Server settings I' m currently using are SMTP Server : smtp.gmail.com SMTP Server Port : 465 - I also tried port 587 Enable Authentication is checked and i have a confirmed working username/password entered We have the same email settings on a printer/scanner that successfully emails scans to various recipients using the same gmail smtp server settings I found This Page,This Page and This Page and have tried all the combinations of settings but I can' t seem to get it to actually send me an email. Does anyone have any ideas on what I could try next? Or able to point me to relevant documentation other than this admin guide?
6 REPLIES 6
AtiT
Valued Contributor

Hi, If I were you I wanted to see whether any packet is sent to smtp server. Log in to the analyzer via CLI and issue the comamnd: diagnose sniffer packet any ' port <portnumber>' 6 Optionally you can log it into a text file. Try to generate some event and check whether something is sent somewhere. If no there is something wrong - maybe configuration? DNS, time sttings etc. If yes, convert the captured communication to PCAP file and open it with wireshark to see whether a TLS handshake was successfull and data were sent successfully and communication closed with FIN packets. What do you see?

AtiT

AtiT
Warren_Olson_FTNT

Since you' re trying to make a direct connection to the SMTP server for gmail versus going over https, it could be your ISP does not like the fact you' re using another SMTP relay other than them and is blocking you...I cannot use any other SMTP over 25/465 over comcast but I can using a non-standard port, just a thought.
jlozen
New Contributor

Thanks for the responses, and sorry it has taken me so long to reply. We have a scanner that uses the same SMTP settings and sends pdfs of scanned documents just fine so our ISP should' t be getting in the way. I was able to get more data by trying port 587 I can contact the gmail server just fine but i' m running into an error
 Response: 530 5.7.0 Must issue a STARTTLS command first. oc3sm8703256pdb.45 - gsmtp\r\n
     Response code: Authentication required (530)
     Response parameter: 5.7.0 Must issue a STARTTLS command first. oc3sm8703256pdb.45 - gsmtp
 
So it looks like it' s communicating just fine, but the fortinet isn' t authenticating properly (I' ve checked the password more than 10 times and even logged into the email account) I don' t know of anything else I can try settings wise... it seems like it' s a fortianaylzer implementation issue and I might have to find a different solution since I can' t manipulate how the fortianalyzer talks to the gmail server. I found plenty of other pages online saying to add different parameters to the requests or to change various values, but I don' t have any control on what the packets the fortianalyzer sends out look like. Thanks for all the assistance!
TopJimmy
New Contributor

I' m having the same problem with my FAZ however all my FGT' s that were upgraded to release 5 prior to 5.0.7 work fine. I just upgraded another FGT from 4.3.15 directly to 5.0.7 and it' s having the same issues as well. I' m not wondering if it has a cert revocation issue. I' ve got an internal open relay on port 25 that it works fine with but the Google stuff doesn' t work. **edit** I take all that back. All my Fortinet products can now no longer email through Gmail. They are all getting this generic error: " Failed to send alert email from smtp.gmail.com to (networkalerts@xxxxx.xxx)" (domain masked by me). I wonder what Google did that changed this. It was working last week.
-TJ
-TJ
jlozen
New Contributor

I was successfully able to get the Restricted Gmail SMTP server settings to work since I' m sending to a gmail account, but it' s not using SSL so it' s not encrypted or anything and therefore unfit as a solution...
limvuihan

In case anyone still figure how to setup fortianalyzer with gmail in 2017, you may refer my blog and the setup using TLS1.2

 

 

http://www.limvuihan.com/2017/01/fortianalyzer-with-gmail-setting.html

 

Analyzer version using 5.2

 

Thanks

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors